Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability

看板Bugtraq作者neothermic.時間18年前 (2008/01/04 02:01)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串2/4 (看更多)

This exploit is a non-issue. It assumes that you have access to the admin panel. At some point we have to trust that you are a real admin and not a malicious user. HTML is allowed in some parts of the ACP due to the fact that BBCode is not parsed in these areas. I would encourage anyone finding a possible vulnerability in phpBB to report it properly at our security tracker ( http://www.phpbb.com/security/ ), or e-mail it to security at phpbb.com NeoThermic phpBB Support Team, Audit Team and Incident Investigation Team Leader

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 neothermic. 的文章

文章代碼(AID): #17VICH00 (Bugtraq)